Encryption and Digital Signature Service Calls
Next: Key Management Service
Up: Public Key Cryptography
Previous: Public Key Cryptography
PUBENCIPHER
Parameter Descriptions:
- ALGID:
- Specifies the encryption algorithm to be used:
- MODULUS_SIZE:
- Specifies the size of the key modulus in bytes.
- RCVR_PUBKEY:
- Specifies the address that points to the string
of bytes containing the public key of the intended recipient
of the enciphered message.
- PLEN:
- Specifies the length of the plaintext data in
bytes. For the RSA encryption algorithm, PLEN should be
no greater than MODULUS_SIZE.
- PT:
- Specifies the address that points to the string of
bytes containing the plaintext data. For the RSA encryption
algorithm, the binary value of PT must be less than the
binary value of the key modulus.
- CLEN:
- Specifies the address that receives the length of the
ciphertext in bytes. For the RSA encryption algorithm, CLEN
will be no greater than MODULUS_SIZE.
- CT:
- Specifies the address that points to the string of
bytes that will receive the ciphertext. For the RSA encryption
algorithm, the binary value of CT will be less than the
binary value of the key modulus.
- STATUS:
- Specifies the address that points to the data
storage that will receive the result of processing the
service call.
This service call uses the encryption algorithm specified in
ALGID to encipher a message. Currently only the RSA algorithm
supports public-key encryption. The size of the key modulus is
specified in MODULUS_SIZE. The intended recipient's public key
(RCVR_PUBKEY) is used to encipher the plaintext message (PT)
of length PLEN. The service applies no padding scheme of its
own: PT is treated directly as an integer (hence the requirement
that its value be less than the modulus), so any padding or
formatting of the plaintext is the caller's responsibility. The
resulting ciphertext (CT), its length (CLEN), and the STATUS of
the call are returned to the host.
PUBDECIPHER
Parameter Descriptions:
- ALGID:
- Specifies the decryption algorithm to be used:
- MODULUS_SIZE:
- Specifies the size of the key modulus in bytes.
- RCVR_PRIKEYID:
- Specifies the address that points to the
character string containing the
identity of the message recipient's private key.
- CLEN:
- Specifies the length of the ciphertext in bytes. For the
RSA algorithm, CLEN should be no greater than
MODULUS_SIZE.
- CT:
- Specifies the address that points to the string of bytes
containing the ciphertext. For the RSA algorithm, the
binary value of CT should be less than the binary value of
the key modulus.
- PLEN:
- Specifies the address that receives the length of the
plaintext data in bytes. For the RSA algorithm, PLEN will be
no greater than MODULUS_SIZE.
- PT:
- Specifies the address that points to the string of bytes
that will receive the plaintext data. For the RSA algorithm,
the binary value of PT will be less than the binary value of
the key modulus.
- STATUS:
- Specifies the address that points to the data storage
that will receive the result
of processing the service call.
This service call uses the algorithm specified in ALGID to
decipher a message. Currently only the RSA algorithm supports
public-key decryption. The size of the key modulus is
specified in MODULUS_SIZE. The message recipient's private key
identified by RCVR_PRIKEYID is used to decipher the ciphertext
(CT) of length CLEN. The resulting plaintext (PT), its length
(PLEN), and the STATUS of the call are returned to the host.
SIGN
Parameter Descriptions:
- ALGID:
- Specifies the public-key algorithm used to compute the
signature (the private-key enciphering operation):
- LEN:
- Specifies the length of the data in bytes
- DATA:
- Specifies the address that points to the string of bytes
containing the data to be processed
- MDID:
- Specifies the message digest algorithm used for
producing the message digest:
- PRIKEYID:
- Specifies the address that points to the character
string containing the
identity of the private key associated with the signer.
- SIGNLEN:
- Specifies the length of the signature in bytes
- SIGNATURE:
- Specifies the address that points to the string of
bytes containing the result
of applying the private key to the data.
- STATUS:
- Specifies the address that points to the data storage
that will receive the result
of processing the service call.
This service call applies the message digest algorithm
specified by MDID to the DATA of indicated LEN, producing a
message digest. Note that the DATA must be left justified
(the string runs from the least significant byte to the most
significant byte) and right padded with zeroes. The resulting
message digest is used to compute a SIGNATURE, based on the
ALGID specified, by applying the private key associated with
PRIKEYID to the message digest. Note that when a modulus is
used, the binary value of the message digest must be less
than the modulus associated with the signature algorithm
specified by ALGID, as for PT in PUBENCIPHER. The service
call returns the resulting SIGNATURE, SIGNLEN, and STATUS to
the host.
NOTE1: Information such as USERID, CAID, and CASERIALNO could
be in the data or sent separately in order to indicate the
correct public key, PUBKEY, used to verify the signature.
NOTE2: When it is desired to compute the signature on the DATA
of indicated LEN without applying a hashing function, use
PUBDECIPHER (the private-key operation) directly on the DATA.
VERIFYSIGNATURE
Parameter Descriptions:
- ALGID:
- Specifies the public-key algorithm under which the
signature was computed (the private-key enciphering operation):
- MDID:
- Specifies the message digest algorithm used for
producing the message digest:
- SIGNLEN:
- Specifies the length of the signature in bytes
- SIGNATURE:
- Specifies the address that points to the string of
bytes containing the result
of applying the private key to the data.
- CERTID:
- Specifies the address that points to the character
string containing the
identity of the certificate
- LEN:
- Specifies the length of the data in bytes
- DATA:
- Specifies the address that points to the string of bytes
containing the data to
be processed
- RESULT:
- Specifies the address that points to the data
storage that will receive the
result of the call, which is either 0 or 1
- STATUS:
- Specifies the address that points to the data storage
that will receive the result of processing the service call.
Based on the ALGID specified, this service call verifies the
SIGNATURE of indicated SIGNLEN by applying the public key
obtained from the certificate associated with CERTID to the
SIGNATURE, revealing a Test Message Digest (TMD). It sets
RESULT to indicate whether TMD is identical to the Message
Digest (MD) computed by applying the message digest algorithm
specified by MDID to the DATA of indicated LEN. Note that when
a modulus is used, the binary value of the message digest must
be less than the modulus of the signature algorithm, ALGID.
The RESULT and STATUS are returned to the host.
NOTE: When it is desired to verify the signature on the DATA
of indicated LEN without applying a hashing function, use
PUBENCIPHER (the public-key operation) on the SIGNATURE and
compare the result with the DATA.
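The four calls above as a runnable Python model, added here as an example; it is not code from the original page or from the service it describes. The key material (two Mersenne primes giving a 25-byte modulus), the STATUS values, the MDID names, the key store PRIVATE_KEYS / CERTIFICATES that resolves PRIKEYID and CERTID strings, and the reading of "left justified, right padded with zeroes" as a little-endian integer are all assumptions, and RESULT is taken to be 1 for a match. The model enforces the length and range checks the page states for PUBENCIPHER and PUBDECIPHER, and follows the two NOTEs by building SIGN on PUBDECIPHER and VERIFYSIGNATURE on PUBENCIPHER.

```python
"""Model of PUBENCIPHER, PUBDECIPHER, SIGN and VERIFYSIGNATURE (added
example; key material, STATUS codes, MDID names and key store are assumed)."""
import hashlib
import hmac

# Constructed key: Mersenne primes M89 and M107 give a 196-bit (25-byte)
# modulus, enough to hold a 20-byte SHA-1 digest below the modulus without
# any library. Far too small for real use.
P = (1 << 89) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

ALGID_RSA = "RSA"            # the only public-key ALGID the page supports
DIGESTS = {"MD5": hashlib.md5, "SHA-1": hashlib.sha1}   # assumed MDID names
# Assumed STATUS values; the page does not define them.
STATUS_OK, STATUS_BAD_ALGID, STATUS_BAD_LENGTH, STATUS_OUT_OF_RANGE = 0, 1, 2, 3
# Hypothetical key store: PRIKEYID / CERTID strings resolve to (n, exponent).
PRIVATE_KEYS = {"alice-priv": (N, D)}
CERTIFICATES = {"alice-cert": (N, E)}


def modulus_size(n):
    """MODULUS_SIZE in bytes for modulus n."""
    return (n.bit_length() + 7) // 8


def to_int(buf):
    # "Left justified (least significant byte first), right padded with
    # zeroes" is read as a little-endian integer: the padding lands on the
    # high end, so a 20-byte digest stays below a 25-byte modulus.
    return int.from_bytes(buf, "little")


def from_int(value, size):
    return value.to_bytes(size, "little")


def _rsa_raw(algid, size, key, length, buf):
    """Shared body of PUBENCIPHER / PUBDECIPHER: one raw modular
    exponentiation behind the length and range checks the page states."""
    if algid != ALGID_RSA:
        return 0, b"", STATUS_BAD_ALGID
    if length > size or len(buf) != length:      # PLEN/CLEN <= MODULUS_SIZE
        return 0, b"", STATUS_BAD_LENGTH
    n, exp = key
    x = to_int(buf)
    if x >= n:                                   # value must be below modulus
        return 0, b"", STATUS_OUT_OF_RANGE
    out = from_int(pow(x, exp, n), size)
    return len(out), out, STATUS_OK


def pubencipher(algid, mod_size, rcvr_pubkey, plen, pt):
    """Returns (CLEN, CT, STATUS)."""
    return _rsa_raw(algid, mod_size, rcvr_pubkey, plen, pt)


def pubdecipher(algid, mod_size, rcvr_prikeyid, clen, ct):
    """Returns (PLEN, PT, STATUS)."""
    return _rsa_raw(algid, mod_size, PRIVATE_KEYS[rcvr_prikeyid], clen, ct)


def sign(algid, length, data, mdid, prikeyid):
    """Returns (SIGNLEN, SIGNATURE, STATUS). Per NOTE2, SIGN is PUBDECIPHER
    applied to the digest of DATA instead of to DATA itself."""
    md = DIGESTS[mdid](data[:length]).digest()
    size = modulus_size(PRIVATE_KEYS[prikeyid][0])
    return pubdecipher(algid, size, prikeyid, len(md), md)


def verifysignature(algid, mdid, signlen, signature, certid, length, data):
    """Returns (RESULT, STATUS); RESULT is 1 only when TMD equals MD."""
    pubkey = CERTIFICATES[certid]
    size = modulus_size(pubkey[0])
    # Per the page's NOTE, recovering TMD is PUBENCIPHER with the signer's key.
    _, tmd, status = pubencipher(algid, size, pubkey, signlen, signature)
    if status != STATUS_OK:
        return 0, status
    md = DIGESTS[mdid](data[:length]).digest()
    # TMD is MODULUS_SIZE bytes; give MD the zero padding it carried when
    # signed, then compare in constant time.
    expected = md + bytes(size - len(md))
    return int(hmac.compare_digest(tmd, expected)), STATUS_OK


if __name__ == "__main__":
    data = b"constructed sample message"                 # constructed input
    signlen, sig, st = sign(ALGID_RSA, len(data), data, "SHA-1", "alice-priv")
    print("SIGN status", st, "SIGNLEN", signlen)
    print("genuine ", verifysignature(ALGID_RSA, "SHA-1", signlen, sig,
                                      "alice-cert", len(data), data))
    forged = data.replace(b"sample", b"forged")
    print("tampered", verifysignature(ALGID_RSA, "SHA-1", signlen, sig,
                                      "alice-cert", len(forged), forged))
```

Because the calls are raw modular exponentiation, PUBDECIPHER hands back a full MODULUS_SIZE buffer and the original PLEN has to travel separately to strip the zero padding; likewise SIGN signs the bare digest, so any padding scheme the caller wants around the digest must be applied before the call. The same single-helper structure is why NOTE2 holds: with hashing removed, SIGN and PUBDECIPHER are the same operation.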
John Barkley
Fri Oct 7 16:17:21 EDT 1994